FirewareV and XTMv are Firebox models designed to run in the VMware ESXI or Microsoft Hyper-V environment. These models use the same Fireware OS and management software as other Fireboxes. You can use WatchGuard System Manager, Fireware Web UI, and the Command Line Interface (CLI) to manage a FireboxV or XTMv virtual machine just as you manage any other Firebox.

Models and Licensing

FireboxV and XTMv devices are licensed in several different models, which provide different levels of scalability and performance:

Firebox V models

XTMv Models

Small

Medium

Large

Extra Large

Small Office Edition

Medium Office Edition

Large Office Edition

Datacenter Edition

When you activate your FireboxV or XTMv device, a feature key is generated. The feature key adds a device serial number and enables the Fireware capabilities for the licensed FireboxV model or XTMv model. The feature key is installed on the FireboxV or XTMv virtual machine during setup.

Hypervisor Compatibility

A WatchGuard FireboxV or XTMv virtual machine can run in these environments:

VMware ESXi 5.5, 6.0, or 6.5 host (Firebox-V)

VMware ESXi 5.0, 5.1, 5.5, or 6.0 host (XTMv)

Windows Server 2008 R2 and Hyper-V Server 2008 R2

Windows Server 2012 R2 and Hyper-V Server 2012 R2

Windows Server 2016 and Hyper-V Server 2016

Fireware OS Limitations

FireboxV and XTMv use the same Fireware OS and support the same features and subscription services as other Firebox models, with the exception of a few features that are hardware-dependent.

Fireware features not supported on FireboxV and XTMv include:

Active/active FireCluster in VMware ESXi (FireCluster is not supported at all for Hyper-V)

Bridge mode network configuration

Hardware diagnostics CLI commands

Automatically save a support snapshot to a USB drive

Automatically restore a saved backup image from a USB drive

Virtual Switch Configuration

To work correctly, some Fireware networking features require that you configure the virtual switch on your network in promiscuous mode. These features are:

Drop-in mode network configuration

Network bridge

Mobile VPN with SSL, with the Bridged VPN Traffic setting

To use these features in an ESXi environment, configure the vSwitch to operate in promiscuous mode.

Virtual switches in Microsoft Hyper-V do not support promiscuous mode, so these features are not supported in a Hyper-V environment.

To use multiple VLANs on a single interface in an ESXi environment, configure the VSwitch for the VLAN interface to use VLAN ID 4095 (All).

FireCluster vSwitch Configuration

There are additional switch requirements for an active/passive FireCluster in an ESXi environment:

Configure the vSwitch that connects to the FireCluster management interface to operate in promiscuous mode

Configure any vSwitch that connects to a FireCluster external interface to accept MAC address changes